I'll think about it tomorrow morning... damn... I made a mess, but I checked and everything works.
Here's where the mess is: now, when I delete all the UFW references from inside the iptables table after disabling it, restore gives me an error on the ip-blacklist line:
Code:
iptables-restore v1.6.1: Couldn't load target `f2b-ip-blacklist':No such file or directory
whereas if I leave the references in, it doesn't give me an error:
Code:
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
-A INPUT -p tcp -j f2b-ip-blacklist
-A INPUT -p tcp -m multiport --dports 22,939 -j f2b-sshd
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s 169.254.55.0/24 -j ACCEPT
-A INPUT -s 2.234.35.165/32 -j ACCEPT
-A INPUT -s 103.21.244.0/22 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 103.22.200.0/22 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 103.31.4.0/22 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 104.16.0.0/12 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 108.162.192.0/18 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 131.0.72.0/22 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 141.101.64.0/18 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 162.158.0.0/15 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 172.64.0.0/13 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 173.245.48.0/20 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 188.114.96.0/20 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 190.93.240.0/20 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -s 199.27.128.0/21 -p tcp -m multiport --dports 80,443,2086,2096 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,2086,2096 -m conntrack --ctstate NEW,ESTABLISH$
-A INPUT -p tcp -m multiport --dports 21,22,25,110,143,465,587,939,993,995 -m conntrack --c$
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443,2086,2096 -m conntrack --ctstate ESTABLISHED $
-A OUTPUT -p tcp -m multiport --sports 21,22,25,110,143,465,587,939,993,995 -m conntrack --$
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A f2b-ip-blacklist -j RETURN
-A f2b-sshd -j RETURN
-A f2b-vsftpd -j RETURN
COMMIT
# Completed on Fri Jul 13 07:16:19 2018
Found it: I was deleting too many references higher up... namely these:
Code:
:f2b-ip-blacklist - [0:0]
:f2b-sshd - [0:0]
:f2b-vsftpd - [0:0]
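The failure above is the classic one: a rule refers to a chain whose `:chain - [0:0]` declaration was trimmed out, so iptables-restore aborts at the first such line. Here is an added script (not from this thread or from fail2ban/UFW) that checks a saved ruleset for that defect before restoring it. It assumes a single-table dump as posted in the thread, and the `KNOWN_TARGETS` list is an illustrative set of built-in chains and standard targets; the sample dump is constructed to mirror the posted table.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: check an iptables-save dump before running
# iptables-restore, which aborts at the first rule whose chain/target does not exist.
# Lists every chain used by -A/-I/-j/-g that has no ':chain - [0:0]' declaration.
# Assumption: a single-table dump (one *filter ... COMMIT block), as in the thread.

# Built-in chains and standard targets that never need a ':chain' declaration (illustrative).
KNOWN_TARGETS='INPUT OUTPUT FORWARD PREROUTING POSTROUTING ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT MARK NFLOG NFQUEUE'

# Print, sorted and one per line, every chain referenced but not declared in file $1.
missing_chains() {
    local file="$1" chain declared referenced
    declared=$(sed -n 's/^:\([^ ]*\) .*/\1/p' "$file")
    referenced=$(grep -oE -- '(-A|-I|-j|-g) [^ ]+' "$file" | awk '{print $2}' | sort -u)
    for chain in $referenced; do
        case " $KNOWN_TARGETS " in *" $chain "*) continue ;; esac
        printf '%s\n' "$declared" | grep -qxF -- "$chain" || printf '%s\n' "$chain"
    done
}

# Return 0 if $1 has no undeclared chains, 1 (with a report on stderr) otherwise.
check_dump() {
    local missing
    missing=$(missing_chains "$1")
    [ -z "$missing" ] && return 0
    printf 'undeclared chain(s) in %s:\n%s\n' "$1" "$missing" >&2
    return 1
}

# Constructed dump modelled on the thread's table (declarations included), written to $1.
write_sample_dump() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-ip-blacklist - [0:0]
:f2b-sshd - [0:0]
:f2b-vsftpd - [0:0]
-A INPUT -p tcp -j f2b-ip-blacklist
-A INPUT -p tcp -m multiport --dports 22,939 -j f2b-sshd
-A INPUT -i lo -j ACCEPT
-A f2b-ip-blacklist -j RETURN
-A f2b-sshd -j RETURN
-A f2b-vsftpd -j RETURN
COMMIT
EOF
}
```

Run `check_dump /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4` (path assumed) so a trimmed declaration is caught before the live ruleset is touched; `iptables-restore --test` performs a similar dry run without committing.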